summaryrefslogtreecommitdiffstats
path: root/oti/event-handler/otihandler/utils.py
diff options
context:
space:
mode:
Diffstat (limited to 'oti/event-handler/otihandler/utils.py')
-rw-r--r--oti/event-handler/otihandler/utils.py83
1 files changed, 83 insertions, 0 deletions
diff --git a/oti/event-handler/otihandler/utils.py b/oti/event-handler/otihandler/utils.py
new file mode 100644
index 0000000..4f9dbda
--- /dev/null
+++ b/oti/event-handler/otihandler/utils.py
@@ -0,0 +1,83 @@
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+import base64
+import collections
+import copy
+import os
+
+from Crypto import Random
+from Crypto.Cipher import PKCS1_v1_5
+from Crypto.Hash import SHA
+from Crypto.PublicKey import RSA
+
+
+def update_dict(d, u):
+ """Recursively updates dict
+
+ Update dict d with dict u
+ """
+ for k, v in u.items():
+ if isinstance(v, collections.Mapping):
+ r = update_dict(d.get(k, {}), v)
+ d[k] = r
+ else:
+ d[k] = u[k]
+ return d
+
+def replace_token(configure_content):
+ try:
+ with open("/opt/app/config-map/dcae-k8s-cluster-token",'r') as fh:
+ dcae_token = fh.readline().rstrip('\n')
+
+ new_config = copy.deepcopy(configure_content)
+
+ # override the default-user token
+ ix=0
+ for user in new_config['users'][:]:
+ if user['name'] == "default-user":
+ new_config['users'][ix] = {
+ "name": "default-user",
+ "user": {
+ "token": dcae_token
+ }
+ }
+ ix += 1
+
+ return new_config
+
+ except Exception as e:
+ return configure_content
+
+def decrypt(b64_ciphertext):
+ """returns decrypted b64_ciphertext that was encoded like this:
+
+ echo "cleartext" | openssl pkeyutl -encrypt -pubin -inkey rsa.pub | base64 --wrap=0
+
+ requires private key in environment variable EOMUSER_PRIVATE
+ """
+
+ if len(b64_ciphertext) <= 30: # For transition, assume short values are not encrypted
+ return b64_ciphertext
+
+ try:
+ ciphertext = base64.b64decode(b64_ciphertext)
+ key = RSA.importKey(os.getenv('EOMUSER_PRIVATE'))
+ cleartext = PKCS1_v1_5.new(key).decrypt(ciphertext, Random.new().read(15+SHA.digest_size))
+ except Exception as e:
+ return b64_ciphertext
+
+ return cleartext